Tuesday, June 26, 2012

Transparency Portals - An invitation to Identity theft

Pleased as punch
So, you read with glee the number of cylinders your minister was using. He should not be using so many subsidised cylinders? Fine

Guess what? Your name, address and number of cylinders and when you ordered them is there too.

Privacy Disaster
This portal is a disaster from a privacy perspective. The idea was very poorly thought through. Imagine an e-commerce company just dumping customer data on the web, amillion people would be baying for blood.

One of the Gas companies has embedded dealer ids in the URL query string itself. which allows for ralatively easy automated scraping. I could do a data scrape on ALLcustomers all over INDIA and filter for customers who use a certain number of cylinders. A perfect database to to do direct marketing.

Not scared yet?

Identity Theft

It is an even more perfect database to commit identity theft. All your basic identity/citizenship documents are predicated on your gas connection. Authentication to your bank. Gas bills are one of the easiest things to duplicate. Infact, you could get the details of the bill from the website itself.

It is just begging to be abused.

The government should instruct the gas marketing companies to take it down immediately and rethink the way they want to do this.

What Next?

Electricty bills? Since that is also subsidised. All Income tax payers? with PAN?

It's about time that the Government hire a CIO. These half assed e-governance initiatives are bound to trip up sooner than later.

No comments: